How do you configure a MultipartResolver for a different maxUploadSize for a regular user vs. an admin?
I can define a MultipartResolver like this with a maxUploadSize of 10K (10000 bytes):
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="10000"/>
</bean
However, if the admin needs to upload some large files via the admin interface which exceed this limit, the app needs to be temporarily re-configured to allow this - and then re-configured again to make sure regular users don't exceed this limit.
While this is happening, of course, a regular user could potentially sneak a large file in without receiving a warning.
Is there a way to configure the resolver to use a different maxUploadSize in these two situations?
Answer
The simplest method is to use differently-configured implementations of the bean for admins instead of for normal users. The most elegant way of doing that is to have a Spring 3.0 @Configuration bean that produces a session-scoped bean instance (I add a scoped proxy below as well, in case you're not using it in a session-scoped bean; otherwise you could just use a simpler annotation like this: @Scope(WebApplicationContext.SCOPE_SESSION)).
@Configuration
public class MultipartResolverBuilder {
@Bean @Scope(value = WebApplicationContext.SCOPE_SESSION,
proxyMode = ScopedProxyMode.TARGET_CLASS)
public CommonsMultipartResolver getMultipartResolver() {
CommonsMultipartResolver mr = new CommonsMultipartResolver();
if (user_is_not_admin) {
mr.setMaxUploadSize(10000);
}
return mr;
}
}
You'll need to add the code to determine whether the user is an admin or not, of course, and you'll need to add in support for scanning for annotation-based configuration (if you've not already got it; <context:annotation-config/>/<context:component-scan .../> are pretty common things to have).